Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add fingerprint reader setup and management instructions

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-05-29 08:36:25 +02:00
parent cf340ca277
commit 51a3a10701
2 changed files with 75 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
README.md
View File

@@ -58,3 +58,62 @@ umask 0077; wg genpsk > psk
```console ```console
nix hash to-sri --type sha256 $(nix-prefetch-url https://tar.gz) nix hash to-sri --type sha256 $(nix-prefetch-url https://tar.gz)
``` ```
# 8. Fingerprint Reader Setup (e.g., on Framework Laptop with Goodix reader)
This section assumes you have configured fingerprint support in your NixOS configuration, for example, by creating and importing a module like `hosts/nb/modules/fingerprint.nix` with the following content:
```nix
# hosts/nb/modules/fingerprint.nix
{ config, pkgs, ... }:
{
services.fprintd.enable = true;
security.pam.services.login.fprintAuth = true;
security.pam.services.sudo.fprintAuth = true;
# Add other services like swaylock if needed
# security.pam.services.swaylock.fprintAuth = true;
}
```
After rebuilding your NixOS configuration (`sudo nixos-rebuild switch`), you can enroll fingerprints for a user.
## Enrolling Fingerprints
To enroll a fingerprint for the current user:
```console
fprintd-enroll
```
Or for a specific user (e.g., `dominik`):
```console
fprintd-enroll dominik
```
Follow the on-screen prompts to scan your fingerprint multiple times.
## Verifying Enrollment
You can verify enrolled fingerprints:
```console
fprintd-verify
```
## Listing Enrolled Fingerprints
To see which fingers are enrolled for the current user:
```console
fprintd-list $(whoami)
```
Or for a specific user:
```console
fprintd-list dominik
```
## Deleting Fingerprints
To delete all fingerprints for the current user:
```console
fprintd-delete $(whoami)
```
Or for a specific user:
```console
fprintd-delete dominik
```
You can also delete specific fingerprints by their ID if you know it.

16
hosts/nb/modules/fingerprint.nix
View File

@@ -5,5 +5,21 @@
security.pam.services.login.fprintAuth = true; security.pam.services.login.fprintAuth = true;
security.pam.services.sudo.fprintAuth = true; security.pam.services.sudo.fprintAuth = true;
security.pam.services.sddm.fprintAuth = true;
# If you use swaylock and want fingerprint auth for it:
security.pam.services.swaylock.fprintAuth = true; security.pam.services.swaylock.fprintAuth = true;
# Add Polkit rule to allow locally active users to manage their own fingerprints
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "net.reactivated.fprint.device.enroll" ||
action.id == "net.reactivated.fprint.device.verify" ||
action.id == "net.reactivated.fprint.device.delete" ||
action.id == "net.reactivated.fprint.device.list") {
// Allow active, local users to manage their own fingerprints
if (subject.active && subject.local) {
return polkit.Result.YES;
}
}
});
'';
} }